{"id":462,"date":"2012-03-30T15:59:58","date_gmt":"2012-03-30T15:59:58","guid":{"rendered":"http:\/\/corbdesign.com\/blog\/?p=462"},"modified":"2012-03-30T15:59:58","modified_gmt":"2012-03-30T15:59:58","slug":"getting-fb-access-token","status":"publish","type":"post","link":"https:\/\/corbinrose.com\/blog\/technology\/getting-fb-access-token\/","title":{"rendered":"Getting FB access token"},"content":{"rendered":"\n

Facebook Graph API \u2014 getting access tokens<\/h2>\n\n\n\n

completely “borrowed” from this site<\/a><\/em><\/p>\n\n\n\n

\n

Assume an application with an id 116122545078207<\/em>, and using the URL of the blog (http:\/\/benbiddington.wordpress.com) to collect request tokens.<\/p>\n

Following the instructions as specified in section 3.5.1.1., Client Requests Authorization,<\/em> of the specification<\/a>, this is a one-step process:<\/p>\n

Open this in a browser:<\/p>\n

https:\/\/graph.facebook.com\/oauth\/authorize?\n    type=user_agent&\n    client_id=116122545078207&\n    redirect_uri=http%3A%2F%2Fbenbiddington.wordpress.com&\n    scope=user_photos,email,user_birthday,user_online_presence<\/pre>\n
<\/div>\n
Note: there are several options for scope. These are called extended permissions<\/a>.<\/p>\n
Note: unless you specify offline_access<\/strong>, your tokens will expire as soon as the user signs out of facebook.<\/p>\n
Note: client_secret<\/em> is not supplied:<\/p>\n
[3.5.1.  User-Agent Flow<\/a>] This user-agent flow does not utilize the client secret since the client executables reside on the end user\u2019s computer or device which makes the client secret accessible and exploitable.<\/p><\/blockquote>\n
You\u2019ll be redirected to:<\/p>\n
http:\/\/benbiddington.wordpress.com\/#access_token=\n    116122545078207|\n    2.1vGZASUSFMHeMVgQ_9P60Q__.3600.1272535200-500880518|\n    QXlU1XfJR1mMagHLPtaMjJzFZp4.<\/pre>\n
<\/div>\n
And you have your access token, you can go ahead and use it:<\/p>\n
https:\/\/graph.facebook.com\/me?access_token=\n    116122545078207|\n    2.1vGZASUSFMHeMVgQ_9P60Q__.3600.1272535200-500880518|\n    QXlU1XfJR1mMagHLPtaMjJzFZp4.<\/pre>\n
<\/div>\n
According to section 3.5.1. Client Requests Authorization<\/a><\/em>, because we have not supplied the optionalsecret_type:<\/em><\/p>\n
secret_type\n    OPTIONAL. The access token secret type as described by \n    Section 5.3. If omitted, the authorization server will issue\n    a bearer token (an access token without a matching secret) \n    as described by Section 5.2.<\/pre>\n
<\/div>\n
<\/p>\n
What can you do with the graph?<\/strong><\/h3>\n
Borrowed from https:\/\/developers.facebook.com\/docs\/reference\/api\/<\/a><\/p>\n
At Facebook’s core is the social graph; people and the connections they have to everything they care about. The Graph API presents a simple, consistent view of the Facebook social graph, uniformly representing objects in the graph (e.g., people<\/a>, photos<\/a>, events<\/a>, and pages<\/a>) and the connections between them (e.g., friend relationships, shared content, and photo tags).<\/p>\n
Every object in the social graph has a unique ID. You can access the properties of an object by requesting<\/p>\n
https:\/\/graph.facebook.com\/ID<\/pre>\n
<\/div>\n
. For example, the official page for the Facebook Platform<\/a> has id 19292868552, so you can fetch the object at https:\/\/graph.facebook.com\/19292868552<\/a>:<\/p>\n
{ \n\"name\": \"Facebook Platform\", \n\"website\": \"http:\/\/developers.facebook.com\", \n\"username\": \"platform\", \"founded\": \"May 2007\", \n\"company_overview\": \"Facebook Platform enables anyone to build...\",\n \"mission\": \"To make the web more open and social.\",\n \"products\": \"Facebook Application Programming Interface (API)...\",\n \"likes\": 449921,\n \"id\": 19292868552,\n \"category\": \"Technology\" \n}<\/pre>\n
<\/div>\n
Alternatively, people and pages with usernames can be accessed using their username as an ID. Since “platform” is the username for the page above, https:\/\/graph.facebook.com\/platform<\/a> will return what you expect. All responses are JSON objects.<\/p>\n
All objects in Facebook can be accessed in the same way:<\/p>\n